Policy | Security | Investigation

e-discovery

August 31, 2009

Accepted “best practice” says employees like executives should review e-mails and documents one-by-one and decide which to keep and which to destroy. The rationale behind the practice is that it is imprudent to retain all records. This practice further holds that employees should be trained not to keep insignificant documents and email messages, lest record archives fill up with junk, making search for important records more difficult. One more tenet of the best practice is that when litigation is anticipated, the destruction of e-mail and documents (even insignificant messages) related to the topic of the litigation should cease so that records are not spoliated.

Accepted best practice suffered another blow in court. In Goodman v. Praxair Services, Inc., 2009 WL 1955805 (D.Md. July 7, 2009), the court sanctioned a corporation for failing to keep all of an executive’s emails and e-documents on a topic after litigation was threatened, even though during the time in question the executive kept what she deemed to be “relevant” e-mails and documents, while allowing only “irrelevant” ones to be destroyed.

Risk

The case spotlights a big risk associated with the accepted best practice: Knowing when and how to apply a litigation hold is tricky. The danger sprouts from the proclivity of courts to second-guess an enterprise after it, acting through its employees, makes a decision. Although an enterprise makes a decision about whether to implement a litigation hold on Day Number 1 (when the enterprise knows little about the potential lawsuit that may or may not materialize), the court’s review of that decision may happen on Day Number 2601, long after the lawsuit is underway and at a time when it is clear what the focus of the lawsuit is.

Even after the decision to initiate a litigation hold has been made, the hold is hard to implement in practice. If, before the litigation hold, the enterprise's default practice is to destroy records, then to make and enforce an exception to the default for precisely the right records is not easy.

Facts

So what happened in the Goodman case?

First: According to allegation by a consultant, the consultant and the CEO of a corporation speak by telephone (end of December 2000) concerning a disagreement over compensation to the consultant under a contract. Allegedly, the CEO suggested that the consultant take a small amount to settle the matter rather than having to sue the corporation to win more money.

Second: The consultant stated to the corporation in a letter dated January 5, 2001, that he had consulted two attorneys concerning this contract dispute. The letter spoke generally about the possibility that the consultant would pursue a lawsuit on the matter, without forcefully threatening it.

Third: February 19, 2001, the consultant sent a stronger letter threatening litigation.

Fourth: After receipt of the February 19 letter, the corporation’s CEO instituted a litigation hold on all then-existing e-mails and other documents related to the matter in her possession. [What is a "litigation hold" aka "legal hold"? It is a procedure whereby a party, anticipating or knowing of a lawsuit or legal investigation, takes special steps to prevent the loss of records that would normally be destroyed.] The CEO initiated this litigation hold on her own initiative. It was not formally instituted throughout the company and was not instituted under the supervision of counsel. The litigation hold ultimately proved to be imperfect, as the court suspected some relevant documents were destroyed when the CEO’s laptop was later discarded.

Fifth: Before February 19, the CEO’s usual practice was to review each of her e-mails and documents, print the relevant ones (that is, relevant in her eyes) and delete the others.

Sixth: The court seemed to believe that the CEO deleted some e-mailed related to the topic of the lawsuit between January 5 and February 19, although the court did not specifically identify any such e-mails or their content.

Seventh: Despite the litigation hold, the corporation eventually discarded the CEO’s laptop, which, in the opinion of the court, might have held some relevant records. Although the court did not have conclusive evidence that any particular relevant record was destroyed, it distrusted the practice whereby the CEO decided what was and was not relevant. Said the court, “The argument of an accused spoliator that it did not violate its duty to preserve evidence because it retained the ‘relevant’ information and only deleted ‘irrelevant’ information rings particularly hollow. The ultimate decision of what is relevant is not determined by a party's subjective assessment filtered through its own perception of self-interest.”

Three years after the consultant sent the letters identified above, the consultant sued and sought e-discovery for all of the CEO’s relevant e-mails and e-documents. The corporation turned over the records it had. The corporation said it had not required to institute a litigation hold until February 19, 2001, because until then it could not have reasonably expected the topic to materialize into a lawsuit. The corporation further argued that nothing relevant had been destroyed because the CEO kept what she thought was relevant.

Ruling: Spoliation

The court, however, ruled that the corporation had committed spoliation because it should have applied a litigation hold on all the CEO’s email and e-documents touching on the subject of the lawsuit, starting from the January 5, 2001, letter. (As I said, that’s the letter that talked generally about a lawsuit, without forcefully threatening it.) Instead, the CEO said her legal hold started with the February 19 letter.

The key to this case is that the court believed the litigation hold started too late. The court seemed suspicious that the CEO destroyed some relevant evidence between January 5 and February 19, although the court could not specifically put its finger on what that evidence was.

Punishment: Strategic Disadvantage in Lawsuit

To punish the spoliation, the court dealt the corporation a strategic disadvantage. It said that when the jury is empaneled as the lawsuit goes to trial, the jury will be informed that the corporation was negligent in its preservation of relevant e-mails and electronic documents. This strategic disadvantage could make it more difficult for the corporation to win the case. (See important footnote below.)

The court further held that the consultant would be entitled to reimbursement from the corporation for some of the consultant’s litigation costs in pursuing the spoliation complaint.

Analysis: Incentive for More Generous Retention

The court’s application of law to the facts of this case fails to persuade me. I respectfully observe that the court could not identify any relevant record that had been destroyed and could not establish that any such record had been destroyed. Nevertheless, the opinion is influential because it was written by a federal magistrate judge, Paul W. Grimm, who is considered a leader in the law of ediscovery.

Regardless of whether the court applied the law correctly, the case continues a distinct trend in American jurisprudence. In this decade, courts have tended to expect enterprise electronic mail records to be well preserved and are suspicious if they are not. Selective printing of e-mail by executives has evoked judicial skepticism.

What does this case, and the trend which it continues, tell people who craft real-world policies for the review, retention and destruction of enterprise electronic mail? They suggest that policy makers are wiser to keep all the records of important people a long time. They suggest that the accepted “best practice” is under siege.

Safer Practice: Keep More Email of Important People

But wait. The Goodman court did not say that a corporation must keep all the records of important people. All the court said was “don’t spoliate,” which strictly speaking means don’t destroy records when you have reason to believe they will be needed for future litigation. That’s easier said than done. My experience says it is very hard in practice for an enterprise to divine what a court (which has not even been selected yet because no lawsuit has been filed) may consider important several years in the future. Further, few organizations can afford to have lawyers regularly engaged in analysis as to whether a legal hold should be applied at this time to these records versus that time for those records. Therefore, the safer practice is to keep a lot of digital records, as the cost of digital storage is dropping.

With that said, I believe it is very hard to “keep all the records of important people a long time.” As archival technology advances, that may become easier.

However, as of today, I argue that an enterprise is wise to place emphasis on the long-term retention of e-mail by executives and other decision-makers. The reason is that email is a choke point in the modern enterprise. It records rich, time-stamped detail about the activities of the enterprise, including copies of, references to or links to documents like spreadsheets.

Email is not a comprehensive journal of the activities in an enterprise, but it is key, and the technology available for archiving it is relatively well-developed and economical to implement.

–Benjamin Wright

A practicing attorney, Mr. Wright teaches the law of data security and investigations at the SANS Institute.

Footnote: I don’t wish to overstate the severity of the sanction the court applied in this case. The court held that the consultant “is entitled to an adverse jury instruction . . . with respect to [the corporation]'s failure to preserve [the CEO]'s laptop and [the CEO]'s failure to preserve her relevant emails and documents. The appropriate instruction would be a general adverse instruction that permits, but does not require, the jury to draw an adverse inference against [the corporation] as a result of its violation of the duty to preserve relevant evidence.” Although this does deal an advantage to the consultant, it is not a decisive advantage. The corporation may be able to overcome it and still prevail at trial. The sanction is less severe than the sanction in some other leading e-spoliation cases. Hence, Goodman should not be taken as earth-rocking authority for the proposition that enterprises will be treated harshly if they rely on executives to decide, one-by-one, which record is relevant for retention and which is not.

CIBC sued Genuity, alleging it had stolen trade secrets from CIBC. When a lawsuit like this is filed, the parties are expected to apply a litigation hold to ensure no records are destroyed. But a litigation hold is hard to implement if a litigant is not causing copies of all business e-mails to be stored in a central archive. Furthermore, if the litigant is not storing copies of all its employees’ messages, then it may be forced to canvass their home computers.

In the CIBC case, the court permitted forensics experts to go to great lengths and expense to locate e-mail. They were granted access to all PCs, BlackBerries (smart mobile phones) and similar devices under the influence of the Genuity's employees, including devices at home (like iPods, iPhones or Androids) and belonging to spouses and children! (In an investigation like this, imagine what goes through the mind of an employee who might have been involved in any kind of marital strife or infidelity.)

The lesson from the case is that enterprises are wise to keep extensive, centrally-managed archives of all business-related e-mail (including webmail, SMS, MMS [multimedia message service], text messages and instant messages) by employees and other personnel. That way they avoid the expense and hassle associated with searches of home computers and other personal gadgets.

This topic grows more important as informal electronic contracting, such as trading in OTC derivatives, attracts greater scrutiny, regulation, litigation and investigations.

April 24, 2009

Does the cost of filtering attorney-client communications from legal disclosures justify a policy of skimpy retention of email?

To understand that question, we need background: If an enterprise possesses records, it must be prepared to disclose them when required to do so by law. Disclosure entails effort to find and compile the relevant records. If the records are paper, the searching and compiling are performed manually. But if the records are electronic, automated methods for searching and compiling may be available.

For records of electronic mail, modern archival technology enables easy searches, even if the number of records is large. Search engines can make finding/compiling records rather low cost. From a policy perspective, those low costs help to justify more complete and lengthy retention of e-mail within an enterprise.

But wait. Some say those low costs are offset by the expense of screening out attorney communications when law requires that the enterprise disclose records.

Is that true? Let’s analyze the topic.

When the owner of e-mail records such as a public agency must release records under e-discovery or freedom of information act (FOIA), the owner may normally withhold those records protected by attorney-client privilege. Why? The law wants to encourage open communication between counsel and client and to enable lawyers to create work product outside the scrutiny of adversaries.

Given this right to withhold, a record holder naturally wants to cull out any protected attorney communications before it discloses records. If performed manually, this detection and sifting can involve much time and expense. Some therefore argue the holder would have been wiser in the first place not to have retained the records. They advocate deleting e-mail records as soon as possible. If the holder does not possess the records, they say, the holder avoids the eventual cost of filtering out the protected records.

Sure, search engines can make mistakes. A lady from a government agency reminded me that if a privileged e-mail slips out in a FOIA disclosure, the law provides no way to claw it back. So her agency tediously examines e-mails before divulging them.

My reply: people make mistakes too. Moreover, the risk of an occasional privilege slip-up is small reason for a government agency to adopt a policy of early e-mail destruction. While I respect the agency’s need for confidentiality with its lawyers, many other considerations suggest the agency is wise to keep generous electronic mail records.

Another point: is it really in the public’s interest for a government agency to place colossal emphasis on protecting its lawyer records?

As the costs drop for implementing pretty-good automated measures for screening out protected records, the argument for minimizing the size of email archives drops too.

March 04, 2009

E-discovery (EDD) is a topic of growing importance in international dispute resolution. Although the US courts are considered the hotbed of e-discovery (along with, to a lesser extent, the other common law-based courts of UK, Canada and Australia), the topic cannot be ignored anywhere in the world. For this reason, foreign (i.e., non-US and non-English tradition) organizations have growing reason to retain plentiful e-mail records, even if they have little or no exposure to the jurisdiction of US or other English-tradition courts.

Item One: The Chartered Institute of Arbitrators (known as CIArb, based in London) has published the Protocol for E-Disclosure in Arbitration. In general, the Protocol is akin to the 2006 e-discovery amendments to the US Federal Rules of Civil Procedure. It confirms that “e-disclosure” (British for “e-discovery”) is a legitimate, even common issue in modern business-commercial arbitration, regardless of whether the common law countries (e.g., US, UK, Canada, Australia, New Zealand and in Asia Signapore) are involved. Further, similar to amended FRCP 16(b) and 26(a) & (f), the Protocol urges parties to confer early and often on e-discovery issues and seek to reach agreement on matters such as the scope, method and cost of e-discovery. And, similar to amended FRCP 26(b)(2), the Protocol presumes that hard-to-reach e-data (electronically stored information or ESI) are outside the scope of disclosure, though the presumption can be overcome.

Item Two: Could the e-discovery law of American courts hold that a continental European government, which hails from a civil law tradition (sometimes called the Roman law tradition), spoliate e-mail records? The glaring answer is yes. In Reino de Espana v. American Bureau of Shipping, 2006 U.S. Dist. LEXIS 81415 (S.D.N.Y. Nov. 3, 2006), the national government of Spain sued a US enterprise, in US federal court, regarding an oil spill near Spain. But as Spain initiated this lawsuit, it failed internally to implement an effective litigation hold on its own e-mail records. Spanish government computers lost, destroyed, deleted, erased relevant records. The US court ruled that the government of Spain was at fault for spoliation.

The law of spoliation is a key reason that US institutions have learned that generous, centralized retention of e-mail is today wise. The Spanish government has now learned the same lesson.

February 23, 2009

IT network backup can store many e-mails that are relevant and discoverable in a lawsuit. But to search for e-mail by way of network backup is very inefficient.

Sometimes, courts do order organizations to go into backup to retrieve computer records - to the vexation of the IT department. The risk that such an order might someday come is one reason for an enterprise to keep plentiful e-mail archives in a system specifically designed for storage and search of large volumes of records.

In a commercial dispute between telecommunications carriers, the plaintiff demanded e-mail records from defendant Telstra. Telstra’s records of many of these e-mails were available only in network backup. The court ordered Telstra to search backup tapes, at considerable expense, to retrieve certain e-mails.

Telstra did not have to design its e-mail system so that backup was the archive. Had the company, as a matter of routine policy, treated its e-mails as durable assets of the company – preserved in an archival appliance that allows for easy records search and management – it would not have been forced to rummage through backup for e-discovery.

–Benjamin Wright

Mr. Wright is an advisor to Messaging Architects, leader in email record retention, recovery and investigation. See free, recorded webinar.

IT Administrators

Twitter

Wright's Google Profile

Custom Professional Training

Local ARMA Quote

"The presentation by Mr. Wright, sponsored by Messaging Architects, was engaging and provocative. He delivered insights that challenged some of our views on retaining e-mail, and definitely shattered others." - Terry Mergele, CRM, Program Chair, San Antonio ARMA.

Blogger

Attorney Benjamin Wright is the author of technology law books, including The Law of Electronic Commerce (Aspen Publishers) and Business Law and Computer Security (SANS). A featured speaker at industry conferences and professional meetings, Wright teaches e-discovery, data security and cyber investigations law at the SANS Institute. Mr. Wright advises clients on digital law and forensic investigations. He is a pioneer in the promotion of public relations to address Internet legal issues and crises. His telephone is 1.214.403.6642. Wright's e-mail is ben_wright at compuserve dot com (put "BLOG" in subject line to distinguish yourself from spam). Mr. Wright graduated from Georgetown University Law Center 1984.

SANS Quote

"The best professional trainer in the country on these issues is Ben Wright." --Stephen H. Chapman, Principal and CEO, Security Advisers, LLC, and student in Mr. Wright's SANS legal training

Important!

No public statement by Mr. Wright (blog, comment, book, article, video, speech, tweet) is legal advice for any particular situation. If you need legal advice, you should consult your lawyer.

The purpose of this blog -- and the purpose of all of Mr. Wright's public statements -- are public education and discussion, and not the delivery of legal, technical or other professional advice. If you need advice or complete information, this blog is not the place to get it. Mr. Wright's public statements are offered as-is, with no warranty of accuracy or reliability. Mr. Wright sometimes revises his published ideas. If you use the ideas, you do so at your own risk.

Mr. Wright's public statements on blogs and the like are not intended to advertise or solicit legal services.

Mr. Wright's contributions to blogs, web courses and the like constitute part of the online update service for the book The Law of Electronic Commerce. Originally released 1991, and revised continually since then, the book is a reference for lawyers, published by Wolters Kluwer Law.

The only person responsible for Mr. Wright's words is Mr. Wright.

Mr. Wright has received money from some organizations he mentions online, such as Netmail/Messaging Architects, SANS Institute and LabMD.

Mr. Wright strives to comply with all applicable laws. He does not have and never has had intention to infringe the rights of anyone. If any person has any information, suspicion or belief that Mr. Wright has done anything illegal or unethical, he asks that person promptly to notify him at 1.214.403.6642, Dallas, TX. Also, please state publicly on Mr. Wright's blogs or pages that he is wrong. Promptness helps mitigate damage.

Any person accessing this blog agrees not to use data from it (or from any other public activity or statement by Mr. Wright) in a way that is adverse to Mr. Wright's interests.

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly so agree. Interaction with Mr. Wright through public media does not create an attorney-client relationship. Exchanging private messages with Mr. Wright does not, by itself, form an attorney-client relationship.

Privacy/Security Vision: Some people provide Mr. Wright private information. Mr. Wright strives to treat such information reasonably according to the circumstances. People should have no more than reasonable expectations about information security. It is unreasonable to expect that the offices, computers, cell phones, brief cases, filing cabinets and online or other services used by Mr. Wright are very secure.

E-mail Mr. Wright

Mr. Wright does not have an attorney-client relationship with any person unless and until he and that person explicitly, formally agree that the relationship is being formed. He does not give advice to non-clients.